The OAuth 2.0 Authorization Framework: Bearer Token Usage

This specification describes how to use bearer tokens in HTTP requests to access OAuth
2.0 protected resources. Any party in possession of a bearer token (a "bearer") can
use it to get access to the associated resources (without demonstrating possession
of a cryptographic key). To prevent misuse, bearer tokens need to be protected from
disclosure in storage and in transport.